A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method for protecting a memory, said method comprising: responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to said memory, said request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB); forming a credential from CAP and CAPB; appending said credential to said IO command; configuring said IO device according to said credential and said IO command; transmitting said data from said IO device to the memory; and prior to allowing execution of said DMA, authenticating that said credential is valid, wherein said step of authenticating further comprises: regenerating CAPB from a key available to an authenticating entity and from said CAP (included in CAPB); and verifying that the memory region information described in said cryptographically signed capability is the same as said requested region that was originally created, and that said cryptographically signed capability encompasses said IO command.
2. A computer software product, including a computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to perform a method for protecting a memory, said method comprising: responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to said memory, said request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB); forming a credential from CAP and CAPB; appending said credential to said IO command; configuring said IO device according to said credential and said IO command; transmitting said data from said IO device to the memory; and prior to allowing execution of said DMA, authenticating that said credential is valid, wherein said step of authenticating further comprises: regenerating CAPB from a key available to an authenticating entity and from said CAP (included in CAPB); and verifying that the memory region information described in said cryptographically signed capability is the same as said requested region that was originally created, and that said cryptographically signed capability encompasses said IO command.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
January 17, 2006
July 13, 2010
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.